[
https://issues.apache.org/jira/browse/WW-4596?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15132476#comment-15132476
]
Greg Huber edited comment on WW-4596 at 2/4/16 3:50 PM:
--------------------------------------------------------
Another possibility is in the ActionConfig Builder inner class is to remove the
add addAllowedMethod(method); (which is adding the {{x}})
and then when its build in XmlConfigurationProvider decide if the method is
needed in the permissions.
{code:java}
public Builder methodName(String method) {
target.methodName = method;
//addAllowedMethod(method);
return this;
}
{code}
XmlConfigurationProvider :
{code:java}
boolean isPattern = true;
if (methodName!= null && packageContext.isStrictMethodInvocation()) {
int len = methodName.length();
char c;
for (int x = 0; x < len; x++) {
c = methodName.charAt(x);
if (x < len - 2 && c == '{' && '}' == methodName.charAt(x + 2))
{
isPattern = false;
break;
}
}
}
if (methodName!=null && isPattern) {
allowedMethods.add(methodName);
}
{code}
This will only affect the permissions not the method x{1}x stuff and since
action permissions inherit (?) from the "orig" value it should work.
This also works with
{code:java}
<action name="myView!*" method="prefix{0}suffix"
class="ui.struts2.editor.MyView">
{code}
As you need a method to pass SMI
<allowed-methods>prefixmyViewsuffix</allowed-methods>
The only thing that does not work is the message when there is no allowed
method :
There is no Action mapped for namespace [/mynamespace] and action name [myView]
associated with context path [/mycontext].
nuff said....
was (Author: gregh99):
Another possibility is in the ActionConfig Builder inner class is to remove the
add addAllowedMethod(method); (which is adding the {x})
and then when its build in XmlConfigurationProvider decide if the method is
needed in the permissions.
{code:java}
public Builder methodName(String method) {
target.methodName = method;
//addAllowedMethod(method);
return this;
}
{code}
XmlConfigurationProvider :
{code:java}
boolean isPattern = true;
if (methodName!= null && packageContext.isStrictMethodInvocation()) {
int len = methodName.length();
char c;
for (int x = 0; x < len; x++) {
c = methodName.charAt(x);
if (x < len - 2 && c == '{' && '}' == methodName.charAt(x + 2))
{
isPattern = false;
break;
}
}
}
if (methodName!=null && isPattern) {
allowedMethods.add(methodName);
}
{code}
This will only affect the permissions not the method x{1}x stuff and since
action permissions inherit (?) from the "orig" value it should work.
This also works with
{code:java}
<action name="myView!*" method="prefix{0}suffix"
class="ui.struts2.editor.MyView">
{code}
As you need a method to pass SMI
<allowed-methods>prefixmyViewsuffix</allowed-methods>
The only thing that does not work is the message when there is no allowed
method :
There is no Action mapped for namespace [/mynamespace] and action name [myView]
associated with context path [/mycontext].
nuff said....
> Strict DMI causes This method: for action is not allowed!
> -----------------------------------------------------------
>
> Key: WW-4596
> URL: https://issues.apache.org/jira/browse/WW-4596
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions
> Affects Versions: 2.5
> Reporter: Greg Huber
> Fix For: 2.5
>
>
> I have tried adding
> {code:xml}
> <global-allowed-methods>execute,input,cancel</global-allowed-methods>
> {code}
> and get
> {noformat}
> This method: cancel for action eventAdd is not allowed! - [unknown location]
> {noformat}
> {code:xml}
> <action name="eventAdd!*" method="{1}"
> class="ui.struts2.editor.EventAdd">
> <result name="input" type="tiles">.EventAdd</result>
> <result name="success" type="chain">eventEdit</result>
> <result name="cancel" type="redirectAction">
> <param name="actionName">memberEvents</param>
> <param name="pgn">${bean.pageNum}</param>
> <param name="suppressEmptyParameters">true</param>
> </result>
> </action>
> {code}
> checking ActionConfig:
> {code:java}
> public boolean isAllowedMethod(String method) {
> return method.equals(methodName != null ? methodName :
> DEFAULT_METHOD) || allowedMethods.isAllowed(method);
> }
> {code}
> Debugging I get a calls to isAllowedMethod with :
> {noformat}
> 1 methodName = {1} and method = execute
> 2 methodName = execute and method = cancel
> {noformat}
> Only #1 has the required cancel
> #2 there is only a {{\[LiteralAllowedMethod\{allowedMethod='execute'\}\]}}
> On further investigation
> {{com.opensymphony.xwork2.config.implActionConfigMatcher}} seems to create a
> new ActionConfig but then only uses the default allowed names:
> {code:java}
> return new ActionConfig.Builder(pkgName, orig.getName(), className)
> .methodName(methodName)
> .addParams(params)
> .addResultConfigs(results)
> .addInterceptors(orig.getInterceptors())
> .addExceptionMappings(exs)
> .location(orig.getLocation())
> .build();
> {code}
> Could use the original by appending
> .addAllowedMethod(orig.getAllowedMethods()), but I guess it should come from
> the ActionConfig stored in the packageContext or wherever the orig object
> gets its allowedMethods from.
> Cheers Greg
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
